REGARDING THE SECURITY VULNERABILITY KNOWN AS ‘KRACK'

An automatic software upgrade (version 1.2.208) has been released to eliminate the 'KRACK" vulnerability in Portal mesh systems. Single Portal systems have not been vulnerable. The automatic software update occurred at 2am local time. We apologize for any interruption in operation during the update.

While the update removes the vulnerability to Portal, 'KRACK' can still affect your client devices. We recommend that you update your clients to the latest software revisions and continue to be diligent with your client's virus protection.

The team continues to work to make Portal among the most secure routers. However, when vulnerabilities are discovered we will provide automatic updates as soon as possible.

You may have become aware of a recently discovered vulnerability in WiFi networks using WPA2encryption that can allow unauthorized users access to your WiFi network and data traffic. This is beingreferred to as KRACK (for Keyed Reinstallation Attack ).

This is an industry-wide vulnerability impacting many WiFi products; primarily client devices that accessWiFi (such as smartphones, PCs, etc.), but also many mesh-routers like Portal. While no attacks havebeen reported, we consider security threats with the highest concern and want to update you on howthis may affect your Portal WiFi router.

Portal WiFi Routers can be used in two ways: (1) as a single, standalone WiFi router or (2) in combinationwith two Portal routers as part of a mesh WiFi system.

Your network is NOT vulnerable to this attack if you use only one Portal (as a standalone WiFirouter) or you have multiple Portal routers which are ALL connected by ethernet cables (anon-mesh system).

Your network MAY BE affected if you are using more than one Portal connected wirelessly (in amesh WiFi system).

However, it is important to understand that KRACK has specific conditions for risk. For example, the attacker has to be within the range of your WiFi network. They can only eavesdrop on unsecured traffic andonly if they have they have the right tools … it isn’t easy. They cannot obtain your WiFi password, and inthe case of Portal WiFi routers, the attacker cannot inject packets to alter your traffic. In other words, youcannot be attacked from miles away, your Portal cannot be hijacked, and if you are using SSL and HTTPS security protocols, as most banking websites and secure payment sites do, your data remains safe.

We have identified a patch to correct this vulnerability and are working to release a new version of thefirmware within a week or so, after compliance testing. The firmware calendar link appears below.

If you are still concerned and would like to eliminate exposure, we recommend disabling mesh and usingPortal in single, standalone mode until we issue the new firmware patch. To do this, simply unplug thepower cord of your second Portal router (the one not directly connected to your modem.)

It is also important to remember that KRACK can affect WiFi devices like computers, phones, and tablets.We recommend updating your devices to the latest firmware and/or operating system versions whenmanufacturers make them available.

We are doing everything we can to address this issue for our mesh users as swiftly as we can. If you have any concerns, please reach out to us on Twitter @GetPortalNow or visit our support site.The security of our users is our number one priority.